Wido,

Thanks for the detailed update!

On 12/18/15 5:40 AM, Wido den Hollander wrote:
> Hi,
>
> Yesterday we from PCextreme, Leaseweb and Schuberg Philis sat down for
> an IPv6 brainstorm session.
>
> We asked a good IPv6 consultant (Sander Steffann) to join us to help us
> identify some glitches in our ideas.
>
> We had two ideas:
> - https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+Basic+Networking
> - https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+VPC+Router
>
> Overall, our ideas looked good, our main concern was security grouping.
> How to prevent clients from spoofing and such.
>
> I updated the spec for the Basic Networking with those ideas.
>
> A few things worth noting:
> - Link-Local traffic should be allowed for specific ICMPv6-only. No UDP
>   or TCP!
> - A DUID can not be trusted. We need a tagger on the HV which adds the
>   MAC address as DHCPv6 option 37.
> - SLAAC can not be used. DHCPv6+IA only
> - We can assign multiple IPs and Prefixes via DHCPv6
> - ISC Kea seems very nice as a DHCPv6 server: http://kea.isc.org/wiki
>
> A few RFCs which might be worth reading:
> - https://www.ietf.org/rfc/rfc4890.txt
> - https://tools.ietf.org/html/rfc6939
> - https://tools.ietf.org/html/rfc4861
>
> We will start to work on this, but the CloudStack core is still very,
> very, very IPv4 minded and this will need a lot of refactoring.
>
> However, once you understand IPv6 better it is much more simple than
> IPv4 imho.
>
> The end goal is that CloudStack can run on IPv6-only without ANY IPv4.
>
> What also resulted from this day:
> - Basic Networking can probably be merged with Advanced Networking with
>   Direct Attached
> - Isolated Networks are about the same as a VPC
> - We might be able to ditch the SSVM in most situations
>
> Anyway, enough work to do!
>
> Wido
>
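
The "DUID can not be trusted" note above, as an added example that is not code from this thread or from CloudStack: a DHCPv6 server-side check that keys the lease on the MAC the hypervisor tagger put in option 37 and only flags, never trusts, the client-supplied DUID. The option 37 layout (4-byte enterprise number followed by the 6-byte MAC), the function names and the sample packet are assumptions made for illustration.

```python
import struct

RELAY_FORW, OPT_CLIENTID, OPT_RELAY_MSG, OPT_REMOTE_ID = 12, 1, 9, 37

def parse_options(buf):
    """Return {code: data} for a run of DHCPv6 TLV options; reject truncation."""
    opts, off = {}, 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("option length exceeds packet")
        opts[code] = buf[off:off + length]
        off += length
    return opts

def relay_view(pkt):
    """Return (tagged_mac, client_duid) from a Relay-Forward message."""
    if len(pkt) < 34 or pkt[0] != RELAY_FORW:   # type, hops, link-addr, peer-addr
        raise ValueError("not a Relay-Forward message")
    outer = parse_options(pkt[34:])
    rid = outer.get(OPT_REMOTE_ID, b"")
    if len(rid) != 10:   # assumed layout: enterprise number (4) + MAC (6)
        raise ValueError("missing or malformed option 37")
    inner = outer.get(OPT_RELAY_MSG, b"")
    return rid[4:], parse_options(inner[4:]).get(OPT_CLIENTID, b"")

def lease_key(pkt, known_macs):
    """Identity for the lease: the tagger's MAC only. The DUID plays no part."""
    mac, _ = relay_view(pkt)
    return mac.hex(":") if mac in known_macs else None

def duid_mismatch(pkt):
    """True when a DUID-LLT (1) or DUID-LL (3) embeds a MAC other than the tagged one."""
    mac, duid = relay_view(pkt)
    if len(duid) < 2:
        return False
    dtype = struct.unpack_from("!H", duid)[0]
    claimed = duid[8:] if dtype == 1 else duid[4:] if dtype == 3 else None
    return claimed is not None and claimed != mac

def _opt(code, data):
    return struct.pack("!HH", code, len(data)) + data

# Constructed sample: the VM with MAC ...:01 sends a DUID-LL claiming MAC ...:02.
VM_MAC, OTHER_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SOLICIT = b"\x01\xaa\xbb\xcc" + _opt(OPT_CLIENTID, struct.pack("!HH", 3, 1) + OTHER_MAC)
SAMPLE = (bytes([RELAY_FORW, 0]) + bytes(32)
          + _opt(OPT_REMOTE_ID, struct.pack("!I", 0) + VM_MAC)  # enterprise 0: placeholder
          + _opt(OPT_RELAY_MSG, SOLICIT))
```

With the constructed sample, the lease is keyed on 02:00:00:00:00:01 no matter what the DUID claims, and the mismatch can be logged as a spoofing indicator.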